No Solutions Available.

Provides an embedded security library for native mobile web applications

 

IBM® Security Trusteer® Mobile SDK provides a dedicated security library for Apple iOS and Google Android platforms. The library can be embedded in proprietary mobile banking and e-commerce applications to detect compromised and vulnerable devices and generate persistent device IDs.

 

IBM Security Trusteer Mobile SDK delivers:

High-risk access detection from compromised or vulnerable mobile devices.

A persistent mobile device ID that is generated based on hardware and software attributes and is resilient to application reinstallation.

Augmented certificate authority security to detect and block many kinds of man-in-the-middle attacks.

Enhanced active protection for rooted mobile devices that helps prevent attacks by cybercriminals.

 

High-risk access detection

  • Collects device risk factors when the mobile application is opened.
  • Provides risk data to the mobile banking applications, which can be used to restrict functionality based on the device risk level.
  • Offers the ability to limit specific application functions, such as adding a payee or transferring money on a rooted or jailbroken device.
  • Provides the ability to correlate risk data with additional device and account risk factors, such as malware infections, to flag high-risk access and transactions.
  • Identifies a wide range of data, including risk data (jailbreak/rooting, financial malware, operating system patching); device data (persistent device ID, WiFi connection, SIM data); account data (user ID) and encrypted bank data (session ID).

 

A persistent mobile device ID

  • Allows organizations to distinctly identify any device using the native mobile banking application.
  • Is associated with the user account and identifies the device, even after the phone is reimaged.
  • Helps verify that new devices are identified, login attempts from known devices are unchallenged and potential fraudster devices are flagged.

 

Augmented certificate authority security

  • Provides Certificate Pinning, also known as SSL Pinning.
  • Obtains the server certificate and checks it against the trusted validation data.
  • Bundles the validation data with the application in the form of a trusted copy of that certificate.
  • Delivers the validation data in a trusted hash or fingerprint of that certificate or the public key of the certificate.

 

Enhanced active protection

  • Protects the Android rooting process that can provide attackers with additional privileges on the operating system, enabling different attack vectors.
  • Allows detection of root evasion techniques on Android devices such as root hiders and active hiding techniques.